'Spear Phishing' Rises to New Heights

On March 30, cybercriminals stole millions of records from marketing firm Epsilon, which handles e-mail campaigns for some of America’s largest brands. About 50 of the company’s clients were compromised, including JPMorgan Chase, Target, Verizon and Kroger.

And while Epsilon execs said that only names and associated e-mail addresses were stolen, pharmaceutical company GlaxoSmithKline, a former Epsilon client, told its customers that not only were e-mail addresses stolen, but also first and last names, as well as the product Websites tied to their registration records.

According to a www.standard.net article by Leslie Meredith, if you receive e-mails from a credit card company, online merchant, or a hotel rewards program, you could be the target of an e-mail phishing scam known as spear phishing.

“Spear phishing refers to a targeted attack, one that uses names and other personal data,” Meredith wrote in the Standard-Examiner article. “No surprise that spear phishing has a better success rate than anonymous phishing campaigns. Names, e-mail addresses and even drug information make it much easier for criminals to craft persuasive, personalized e-mails that could prompt consumers to supply their coveted credit card numbers, turning ordinary phishing into spear phishing.”

To avoid being fooled by an Epsilon-related or similar scam, here’s what to look for:

When you spot an e-mail from a merchant, you may open it, but don’t reply to it and don’t click on any link it contains.

Beware of fake Epsilon Web pages. On April 14, a fake Epsilon Website claimed to have an update through a downloadable file. However, the file contained malicious code that could steal sensitive information from computers without the user ever knowing it.

Report spear phishing e-mails to the government’s Computer Emergency Readiness Team at phishing-report@us-cert.gov.

Strengthen the passwords for your e-mail accounts and for online accounts associated with companies that might have been compromised by the Epsilon scam.